1. 18 Oct, 2018 9 commits
  2. 06 Oct, 2018 2 commits
    • Dave Chinner's avatar
      xfs: fix data corruption w/ unaligned reflink ranges · b3998900
      Dave Chinner authored
      When reflinking sub-file ranges, a data corruption can occur when
      the source file range includes a partial EOF block. This shares the
      unknown data beyond EOF into the second file at a position inside
      EOF, exposing stale data in the second file.
      
      XFS only supports whole block sharing, but we still need to
      support whole file reflink correctly.  Hence if the reflink
      request includes the last block of the souce file, only proceed with
      the reflink operation if it lands at or past the destination file's
      current EOF. If it lands within the destination file EOF, reject the
      entire request with -EINVAL and make the caller go the hard way.
      
      This avoids the data corruption vector, but also avoids disruption
      of returning EINVAL to userspace for the common case of whole file
      cloning.
      Signed-off-by: default avatarDave Chinner <dchinner@redhat.com>
      Reviewed-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
      Signed-off-by: default avatarDave Chinner <david@fromorbit.com>
      b3998900
    • Dave Chinner's avatar
      xfs: fix data corruption w/ unaligned dedupe ranges · dceeb47b
      Dave Chinner authored
      A deduplication data corruption is Exposed by fstests generic/505 on
      XFS. It is caused by extending the block match range to include the
      partial EOF block, but then allowing unknown data beyond EOF to be
      considered a "match" to data in the destination file because the
      comparison is only made to the end of the source file. This corrupts
      the destination file when the source extent is shared with it.
      
      XFS only supports whole block dedupe, but we still need to appear to
      support whole file dedupe correctly.  Hence if the dedupe request
      includes the last block of the souce file, don't include it in the
      actual XFS dedupe operation. If the rest of the range dedupes
      successfully, then report the partial last block as deduped, too, so
      that userspace sees it as a successful dedupe rather than return
      EINVAL because we can't dedupe unaligned blocks.
      Signed-off-by: default avatarDave Chinner <dchinner@redhat.com>
      Reviewed-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
      Signed-off-by: default avatarDave Chinner <david@fromorbit.com>
      dceeb47b
  3. 05 Oct, 2018 3 commits
  4. 30 Sep, 2018 1 commit
    • Dave Chinner's avatar
      xfs: fix error handling in xfs_bmap_extents_to_btree · e55ec4dd
      Dave Chinner authored
      Commit 01239d77 ("xfs: fix a null pointer dereference in
      xfs_bmap_extents_to_btree") attempted to fix a null pointer
      dreference when a fuzzing corruption of some kind was found.
      This fix was flawed, resulting in assert failures like:
      
      XFS: Assertion failed: ifp->if_broot == NULL, file: fs/xfs/libxfs/xfs_bmap.c, line: 715
      .....
      Call Trace:
        xfs_bmap_extents_to_btree+0x6b9/0x7b0
        __xfs_bunmapi+0xae7/0xf00
        ? xfs_log_reserve+0x1c8/0x290
        xfs_reflink_remap_extent+0x20b/0x620
        xfs_reflink_remap_blocks+0x7e/0x290
        xfs_reflink_remap_range+0x311/0x530
        vfs_dedupe_file_range_one+0xd7/0xe0
        vfs_dedupe_file_range+0x15b/0x1a0
        do_vfs_ioctl+0x267/0x6c0
      
      The problem is that the error handling code now asserts that the
      inode fork is not in btree format before the error handling code
      undoes the modifications that put the fork back in extent format.
      Fix this by moving the assert back to after the xfs_iroot_realloc()
      call that returns the fork to extent format, and clean up the jump
      labels to be meaningful.
      
      Also, returning ENOSPC when xfs_btree_get_bufl() fails to
      instantiate the buffer that was allocated (the actual fix in the
      commit mentioned above) is incorrect. This is a fatal error - only
      an invalid block address or a filesystem shutdown can result in
      failing to get a buffer here.
      
      Hence change this to EFSCORRUPTED so that the higher layer knows
      this was a corruption related failure and should not treat it as an
      ENOSPC error.  This should result in a shutdown (via cancelling a
      dirty transaction) which is necessary as we do not attempt to clean
      up the (invalid) block that we have already allocated.
      Signed-off-by: default avatarDave Chinner <dchinner@redhat.com>
      Reviewed-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
      Signed-off-by: default avatarDave Chinner <david@fromorbit.com>
      
      e55ec4dd
  5. 29 Sep, 2018 14 commits
    • Brian Foster's avatar
      iomap: set page dirty after partial delalloc on mkwrite · 561295a3
      Brian Foster authored
      The iomap page fault mechanism currently dirties the associated page
      after the full block range of the page has been allocated. This
      leaves the page susceptible to delayed allocations without ever
      being set dirty on sub-page block sized filesystems.
      
      For example, consider a page fault on a page with one preexisting
      real (non-delalloc) block allocated in the middle of the page. The
      first iomap_apply() iteration performs delayed allocation on the
      range up to the preexisting block, the next iteration finds the
      preexisting block, and the last iteration attempts to perform
      delayed allocation on the range after the prexisting block to the
      end of the page. If the first allocation succeeds and the final
      allocation fails with -ENOSPC, iomap_apply() returns the error and
      iomap_page_mkwrite() fails to dirty the page having already
      performed partial delayed allocation. This eventually results in the
      page being invalidated without ever converting the delayed
      allocation to real blocks.
      
      This problem is reliably reproduced by generic/083 on XFS on ppc64
      systems (64k page size, 4k block size). It results in leaked
      delalloc blocks on inode reclaim, which triggers an assert failure
      in xfs_fs_destroy_inode() and filesystem accounting inconsistency.
      
      Move the set_page_dirty() call from iomap_page_mkwrite() to the
      actor callback, similar to how the buffer head implementation works.
      The actor callback is called iff ->iomap_begin() returns success, so
      ensures the page is dirtied as soon as possible after an allocation.
      Signed-off-by: default avatarBrian Foster <bfoster@redhat.com>
      Reviewed-by: default avatarDave Chinner <dchinner@redhat.com>
      Signed-off-by: default avatarDave Chinner <david@fromorbit.com>
      561295a3
    • Brian Foster's avatar
      xfs: remove invalid log recovery first/last cycle check · ec2ed0b5
      Brian Foster authored
      One of the first steps of log recovery is to check for the special
      case of a zeroed log. If the first cycle in the log is zero or the
      tail portion of the log is zeroed, the head is set to the first
      instance of cycle 0. xlog_find_zeroed() includes a sanity check that
      enforces that the first cycle in the log must be 1 if the last cycle
      is 0. While this is true in most cases, the check is not totally
      valid because it doesn't consider the case where the filesystem
      crashed after a partial/out of order log buffer completion that
      wraps around the end of the physical log.
      
      For example, consider a filesystem that has completed most of the
      first cycle of the log, reaches the end of the physical log and
      splits the next single log buffer write into two in order to wrap
      around the end of the log. If these I/Os are reordered, the second
      (wrapped) I/O completes and the first happens to fail, the log is
      left in a state where the last cycle of the log is 0 and the first
      cycle is 2. This causes the xlog_find_zeroed() sanity check to fail
      and prevents the filesystem from mounting. This situation has been
      reproduced on particular systems via repeated runs of generic/475.
      
      This is an expected state that log recovery already knows how to
      deal with, however. Since the log is still partially zeroed, the
      head is detected correctly and points to a valid tail. The
      subsequent stale block detection clears blocks beyond the head up to
      the tail (within a maximum range), with the express purpose of
      clearing such out of order writes. As expected, this removes the out
      of order cycle 2 blocks at the physical start of the log.
      
      In other words, the only thing that prevents a clean mount and
      recovery of the filesystem in this scenario is the specific (last ==
      0 && first != 1) sanity check in xlog_find_zeroed(). Since the log
      head/tail are now independently validated via cycle, log record and
      CRC checks, this highly specific first cycle check is of dubious
      value. Remove it and rely on the higher level validation to
      determine whether log content is sane and recoverable.
      Signed-off-by: default avatarBrian Foster <bfoster@redhat.com>
      Reviewed-by: default avatarDave Chinner <dchinner@redhat.com>
      Signed-off-by: default avatarDave Chinner <david@fromorbit.com>
      
      ec2ed0b5
    • Eric Sandeen's avatar
      xfs: validate inode di_forkoff · 339e1a3f
      Eric Sandeen authored
      Verify the inode di_forkoff, lifted from xfs_repair's
      process_check_inode_forkoff().
      Signed-off-by: default avatarEric Sandeen <sandeen@redhat.com>
      Reviewed-by: default avatarBrian Foster <bfoster@redhat.com>
      Signed-off-by: default avatarDave Chinner <david@fromorbit.com>
      339e1a3f
    • Christoph Hellwig's avatar
      xfs: skip delalloc COW blocks in xfs_reflink_end_cow · f5f3f959
      Christoph Hellwig authored
      The iomap direct I/O code issues a single ->end_io call for the whole
      I/O request, and if some of the extents cowered needed a COW operation
      it will call xfs_reflink_end_cow over the whole range.
      
      When we do AIO writes we drop the iolock after doing the initial setup,
      but before the I/O completion.  Between dropping the lock and completing
      the I/O we can have a racing buffered write create new delalloc COW fork
      extents in the region covered by the outstanding direct I/O write, and
      thus see delalloc COW fork extents in xfs_reflink_end_cow.  As
      concurrent writes are fundamentally racy and no guarantees are given we
      can simply skip those.
      
      This can be easily reproduced with xfstests generic/208 in always_cow
      mode.
      Signed-off-by: default avatarChristoph Hellwig <hch@lst.de>
      Reviewed-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
      Signed-off-by: default avatarDave Chinner <david@fromorbit.com>
      
      f5f3f959
    • Eric Sandeen's avatar
      xfs: don't treat unknown di_flags2 as corruption in scrub · f369a13c
      Eric Sandeen authored
      xchk_inode_flags2() currently treats any di_flags2 values that the
      running kernel doesn't recognize as corruption, and calls
      xchk_ino_set_corrupt() if they are set.  However, it's entirely possible
      that these flags were set in some newer kernel and are quite valid,
      but ignored in this kernel.
      
      (Validators don't care one bit about unknown di_flags2.)
      
      Call xchk_ino_set_warning instead, because this may or may not actually
      indicate a problem.
      Signed-off-by: default avatarEric Sandeen <sandeen@redhat.com>
      Reviewed-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
      Signed-off-by: default avatarDave Chinner <david@fromorbit.com>
      f369a13c
    • YueHaibing's avatar
      xfs: remove duplicated include from alloc.c · 2863c2eb
      YueHaibing authored
      Remove duplicated include xfs_alloc.h
      Signed-off-by: default avatarYueHaibing <yuehaibing@huawei.com>
      Reviewed-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
      Signed-off-by: default avatarDave Chinner <david@fromorbit.com>
      
      2863c2eb
    • Christoph Hellwig's avatar
      xfs: don't bring in extents in xfs_bmap_punch_delalloc_range · 0065b541
      Christoph Hellwig authored
      This function is only used to punch out delayed allocations on I/O
      failure, which means we need to have read the extents earlier.
      Signed-off-by: default avatarChristoph Hellwig <hch@lst.de>
      Reviewed-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
      Signed-off-by: default avatarDave Chinner <david@fromorbit.com>
      0065b541
    • Dave Chinner's avatar
      xfs: fix transaction leak in xfs_reflink_allocate_cow() · df307077
      Dave Chinner authored
      When xfs_reflink_allocate_cow() allocates a transaction, it drops
      the ILOCK to perform the operation. This Introduces a race condition
      where another thread modifying the file can perform the COW
      allocation operation underneath us. This result in the retry loop
      finding an allocated block and jumping straight to the conversion
      code. It does not, however, cancel the transaction it holds and so
      this gets leaked. This results in a lockdep warning:
      
      ================================================
      WARNING: lock held when returning to user space!
      4.18.5 #1 Not tainted
      ------------------------------------------------
      worker/6123 is leaving the kernel with locks still held!
      1 lock held by worker/6123:
       #0: 000000009eab4f1b (sb_internal#2){.+.+}, at: xfs_trans_alloc+0x17c/0x220
      
      And eventually the filesystem deadlocks because it runs out of log
      space that is reserved by the leaked transaction and never gets
      released.
      
      The logic flow in xfs_reflink_allocate_cow() is a convoluted mess of
      gotos - it's no surprise that it has bug where the flow through
      several goto jumps then fails to clean up context from a non-obvious
      logic path. CLean up the logic flow and make sure every path does
      the right thing.
      Reported-by: default avatarAlexander Y. Fomichev <git.user@gmail.com>
      Tested-by: default avatarAlexander Y. Fomichev <git.user@gmail.com>
      Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=200981Signed-off-by: default avatarDave Chinner <dchinner@redhat.com>
      [hch: slight refactor]
      Signed-off-by: default avatarChristoph Hellwig <hch@lst.de>
      Reviewed-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
      Signed-off-by: default avatarDave Chinner <david@fromorbit.com>
      df307077
    • Dave Chinner's avatar
      xfs: avoid lockdep false positives in xfs_trans_alloc · 8683edb7
      Dave Chinner authored
      We've had a few reports of lockdep tripping over memory reclaim
      context vs filesystem freeze "deadlocks". They all have looked
      to be false positives on analysis, but it seems that they are
      being tripped because we take freeze references before we run
      a GFP_KERNEL allocation for the struct xfs_trans.
      
      We can avoid this false positive vector just by re-ordering the
      operations in xfs_trans_alloc(). That is. we need allocate the
      structure before we take the freeze reference and enter the GFP_NOFS
      allocation context that follows the xfs_trans around. This prevents
      lockdep from seeing the GFP_KERNEL allocation inside the transaction
      context, and that prevents it from triggering the freeze level vs
      alloc context vs reclaim warnings.
      Signed-off-by: default avatarDave Chinner <dchinner@redhat.com>
      Reviewed-by: default avatarBrian Foster <bfoster@redhat.com>
      Reviewed-by: default avatarChristoph Hellwig <hch@lst.de>
      8683edb7
    • Brian Foster's avatar
      xfs: refactor xfs_buf_log_item reference count handling · 95808459
      Brian Foster authored
      The xfs_buf_log_item structure has a reference counter with slightly
      tricky semantics. In the common case, a buffer is logged and
      committed in a transaction, committed to the on-disk log (added to
      the AIL) and then finally written back and removed from the AIL. The
      bli refcount covers two potentially overlapping timeframes:
      
       1. the bli is held in an active transaction
       2. the bli is pinned by the log
      
      The caveat to this approach is that the reference counter does not
      purely dictate the lifetime of the bli. IOW, when a dirty buffer is
      physically logged and unpinned, the bli refcount may go to zero as
      the log item is inserted into the AIL. Only once the buffer is
      written back can the bli finally be freed.
      
      The above semantics means that it is not enough for the various
      refcount decrementing contexts to release the bli on decrement to
      zero. xfs_trans_brelse(), transaction commit (->iop_unlock()) and
      unpin (->iop_unpin()) must all drop the associated reference and
      make additional checks to determine if the current context is
      responsible for freeing the item.
      
      For example, if a transaction holds but does not dirty a particular
      bli, the commit may drop the refcount to zero. If the bli itself is
      clean, it is also not AIL resident and must be freed at this time.
      The same is true for xfs_trans_brelse(). If the transaction dirties
      a bli and then aborts or an unpin results in an abort due to a log
      I/O error, the last reference count holder is expected to explicitly
      remove the item from the AIL and release it (since an abort means
      filesystem shutdown and metadata writeback will never occur).
      
      This leads to fairly complex checks being replicated in a few
      different places. Since ->iop_unlock() and xfs_trans_brelse() are
      nearly identical, refactor the logic into a common helper that
      implements and documents the semantics in one place. This patch does
      not change behavior.
      Signed-off-by: default avatarBrian Foster <bfoster@redhat.com>
      Reviewed-by: default avatarDave Chinner <dchinner@redhat.com>
      Signed-off-by: default avatarDave Chinner <david@fromorbit.com>
      
      95808459
    • Brian Foster's avatar
      xfs: clean up xfs_trans_brelse() · 23420d05
      Brian Foster authored
      xfs_trans_brelse() is a bit of a historical mess, similar to
      xfs_buf_item_unlock(). It is unnecessarily verbose, has snippets of
      commented out code, inconsistency with regard to stale items, etc.
      
      Clean up xfs_trans_brelse() to use similar logic and flow as
      xfs_buf_item_unlock() with regard to bli reference count handling.
      This patch makes no functional changes, but facilitates further
      refactoring of the common bli reference count handling code.
      Signed-off-by: default avatarBrian Foster <bfoster@redhat.com>
      Reviewed-by: default avatarDave Chinner <dchinner@redhat.com>
      Signed-off-by: default avatarDave Chinner <david@fromorbit.com>
      
      23420d05
    • Brian Foster's avatar
      xfs: don't unlock invalidated buf on aborted tx commit · d9183105
      Brian Foster authored
      xfstests generic/388,475 occasionally reproduce assertion failures
      in xfs_buf_item_unpin() when the final bli reference is dropped on
      an invalidated buffer and the buffer is not locked as it is expected
      to be. Invalidated buffers should remain locked on transaction
      commit until the final unpin, at which point the buffer is removed
      from the AIL and the bli is freed since stale buffers are not
      written back.
      
      The assert failures are associated with filesystem shutdown,
      typically due to log I/O errors injected by the test. The
      problematic situation can occur if the shutdown happens to cause a
      race between an active transaction that has invalidated a particular
      buffer and an I/O error on a log buffer that contains the bli
      associated with the same (now stale) buffer.
      
      Both transaction and log contexts acquire a bli reference. If the
      transaction has already invalidated the buffer by the time the I/O
      error occurs and ends up aborting due to shutdown, the transaction
      and log hold the last two references to a stale bli. If the
      transaction cancel occurs first, it treats the buffer as non-stale
      due to the aborted state: the bli reference is dropped and the
      buffer is released/unlocked. The log buffer I/O error handling
      eventually calls into xfs_buf_item_unpin(), drops the final
      reference to the bli and treats it as stale. The buffer wasn't left
      locked by xfs_buf_item_unlock(), however, so the assert fails and
      the buffer is double unlocked. The latter problem is mitigated by
      the fact that the fs is shutdown and no further damage is possible.
      
      ->iop_unlock() of an invalidated buffer should behave consistently
      with respect to the bli refcount, regardless of aborted state. If
      the refcount remains elevated on commit, we know the bli is awaiting
      an unpin (since it can't be in another transaction) and will be
      handled appropriately on log buffer completion. If the final bli
      reference of an invalidated buffer is dropped in ->iop_unlock(), we
      can assume the transaction has aborted because invalidation implies
      a dirty transaction. In the non-abort case, the log would have
      acquired a bli reference in ->iop_pin() and prevented bli release at
      ->iop_unlock() time. In the abort case the item must be freed and
      buffer unlocked because it wasn't pinned by the log.
      
      Rework xfs_buf_item_unlock() to simplify the currently circuitous
      and duplicate logic and leave invalidated buffers locked based on
      bli refcount, regardless of aborted state. This ensures that a
      pinned, stale buffer is always found locked when eventually
      unpinned.
      Signed-off-by: default avatarBrian Foster <bfoster@redhat.com>
      Reviewed-by: default avatarDave Chinner <dchinner@redhat.com>
      Signed-off-by: default avatarDave Chinner <david@fromorbit.com>
      d9183105
    • Brian Foster's avatar
      xfs: remove last of unnecessary xfs_defer_cancel() callers · d5a2e289
      Brian Foster authored
      Now that deferred operations are completely managed via
      transactions, it's no longer necessary to cancel the dfops in error
      paths that already cancel the associated transaction. There are a
      few such calls lingering throughout the codebase.
      
      Remove all remaining unnecessary calls to xfs_defer_cancel(). This
      leaves xfs_defer_cancel() calls in two places. The first is the call
      in the transaction cancel path itself, which facilitates this patch.
      The second is made via the xfs_defer_finish() error path to provide
      consistent error semantics with transaction commit. For example,
      xfs_trans_commit() expects an xfs_defer_finish() failure to clean up
      the dfops structure before it returns.
      Signed-off-by: default avatarBrian Foster <bfoster@redhat.com>
      Reviewed-by: default avatarDave Chinner <dchinner@redhat.com>
      Signed-off-by: default avatarDave Chinner <david@fromorbit.com>
      
      d5a2e289
    • Darrick J. Wong's avatar
      xfs: don't crash the vfs on a garbage inline symlink · ae294787
      Darrick J. Wong authored
      The VFS routine that calls ->get_link blindly copies whatever's returned
      into the user's buffer.  If we return a NULL pointer, the vfs will
      crash on the null pointer.  Therefore, return -EFSCORRUPTED instead of
      blowing up the kernel.
      
      [dgc: clean up with hch's suggestions]
      
      Reported-by: wen.xu@gatech.edu
      Signed-off-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
      Reviewed-by: default avatarAllison Henderson <allison.henderson@oracle.com>
      Signed-off-by: default avatarDave Chinner <david@fromorbit.com>
      ae294787
  6. 26 Aug, 2018 10 commits
    • Linus Torvalds's avatar
      Linux 4.19-rc1 · 5b394b2d
      Linus Torvalds authored
      5b394b2d
    • Linus Torvalds's avatar
      Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · b933d6eb
      Linus Torvalds authored
      Pull timer update from Thomas Gleixner:
       "New defines for the compat time* types so they can be shared between
        32bit and 64bit builds. Not used yet, but merging them now allows the
        actual conversions to be merged through different maintainer trees
        without dependencies
      
        We still have compat interfaces for 32bit on 64bit even with the new
        2038 safe timespec/val variants because pointer size is different. And
        for the old style timespec/val interfaces we need yet another 'compat'
        interface for both 32bit native and 32bit on 64bit"
      
      * 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        y2038: Provide aliases for compat helpers
      b933d6eb
    • Linus Torvalds's avatar
      Merge branch 'ida-4.19' of git://git.infradead.org/users/willy/linux-dax · aba16dc5
      Linus Torvalds authored
      Pull IDA updates from Matthew Wilcox:
       "A better IDA API:
      
            id = ida_alloc(ida, GFP_xxx);
            ida_free(ida, id);
      
        rather than the cumbersome ida_simple_get(), ida_simple_remove().
      
        The new IDA API is similar to ida_simple_get() but better named.  The
        internal restructuring of the IDA code removes the bitmap
        preallocation nonsense.
      
        I hope the net -200 lines of code is convincing"
      
      * 'ida-4.19' of git://git.infradead.org/users/willy/linux-dax: (29 commits)
        ida: Change ida_get_new_above to return the id
        ida: Remove old API
        test_ida: check_ida_destroy and check_ida_alloc
        test_ida: Convert check_ida_conv to new API
        test_ida: Move ida_check_max
        test_ida: Move ida_check_leaf
        idr-test: Convert ida_check_nomem to new API
        ida: Start new test_ida module
        target/iscsi: Allocate session IDs from an IDA
        iscsi target: fix session creation failure handling
        drm/vmwgfx: Convert to new IDA API
        dmaengine: Convert to new IDA API
        ppc: Convert vas ID allocation to new IDA API
        media: Convert entity ID allocation to new IDA API
        ppc: Convert mmu context allocation to new IDA API
        Convert net_namespace to new IDA API
        cb710: Convert to new IDA API
        rsxx: Convert to new IDA API
        osd: Convert to new IDA API
        sd: Convert to new IDA API
        ...
      aba16dc5
    • Linus Torvalds's avatar
      Merge tag 'gcc-plugins-v4.19-rc1-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux · c4726e77
      Linus Torvalds authored
      Pull gcc plugin fix from Kees Cook:
       "Lift gcc test into Kconfig. This is for better behavior when the
        kernel is built with Clang, reported by Stefan Agner"
      
      * tag 'gcc-plugins-v4.19-rc1-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
        gcc-plugins: Disable when building under Clang
      c4726e77
    • Linus Torvalds's avatar
      Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · d207ea8e
      Linus Torvalds authored
      Pull perf updates from Thomas Gleixner:
       "Kernel:
         - Improve kallsyms coverage
         - Add x86 entry trampolines to kcore
         - Fix ARM SPE handling
         - Correct PPC event post processing
      
        Tools:
         - Make the build system more robust
         - Small fixes and enhancements all over the place
         - Update kernel ABI header copies
         - Preparatory work for converting libtraceevnt to a shared library
         - License cleanups"
      
      * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (100 commits)
        tools arch: Update arch/x86/lib/memcpy_64.S copy used in 'perf bench mem memcpy'
        tools arch x86: Update tools's copy of cpufeatures.h
        perf python: Fix pyrf_evlist__read_on_cpu() interface
        perf mmap: Store real cpu number in 'struct perf_mmap'
        perf tools: Remove ext from struct kmod_path
        perf tools: Add gzip_is_compressed function
        perf tools: Add lzma_is_compressed function
        perf tools: Add is_compressed callback to compressions array
        perf tools: Move the temp file processing into decompress_kmodule
        perf tools: Use compression id in decompress_kmodule()
        perf tools: Store compression id into struct dso
        perf tools: Add compression id into 'struct kmod_path'
        perf tools: Make is_supported_compression() static
        perf tools: Make decompress_to_file() function static
        perf tools: Get rid of dso__needs_decompress() call in __open_dso()
        perf tools: Get rid of dso__needs_decompress() call in symbol__disassemble()
        perf tools: Get rid of dso__needs_decompress() call in read_object_code()
        tools lib traceevent: Change to SPDX License format
        perf llvm: Allow passing options to llc in addition to clang
        perf parser: Improve error message for PMU address filters
        ...
      d207ea8e
    • Linus Torvalds's avatar
      Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 2a8a2b7c
      Linus Torvalds authored
      Pull x86 fixes from Thomas Gleixner:
      
       - Correct the L1TF fallout on 32bit and the off by one in the 'too much
         RAM for protection' calculation.
      
       - Add a helpful kernel message for the 'too much RAM' case
      
       - Unbreak the VDSO in case that the compiler desides to use indirect
         jumps/calls and emits retpolines which cannot be resolved because the
         kernel uses its own thunks, which does not work for the VDSO. Make it
         use the builtin thunks.
      
       - Re-export start_thread() which was unexported when the 32/64bit
         implementation was unified. start_thread() is required by modular
         binfmt handlers.
      
       - Trivial cleanups
      
      * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/speculation/l1tf: Suggest what to do on systems with too much RAM
        x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM
        x86/kvm/vmx: Remove duplicate l1d flush definitions
        x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
        x86/process: Re-export start_thread()
        x86/mce: Add notifier_block forward declaration
        x86/vdso: Fix vDSO build if a retpoline is emitted
      2a8a2b7c
    • Linus Torvalds's avatar
      Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · de375035
      Linus Torvalds authored
      Pull irq update from Thomas Gleixner:
       "A small set of updats/fixes for the irq subsystem:
      
         - Allow GICv3 interrupts to be configured as wake-up sources to
           enable wakeup from suspend
      
         - Make the error handling of the STM32 irqchip init function work
      
         - A set of small cleanups and improvements"
      
      * 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        irqchip/gic-v3: Allow interrupt to be configured as wake-up sources
        irqchip/tango: Set irq handler and data in one go
        dt-bindings: irqchip: renesas-irqc: Document r8a774a1 support
        irqchip/s3c24xx: Remove unneeded comparison of unsigned long to 0
        irqchip/stm32: Fix init error handling
        irqchip/bcm7038-l1: Hide cpu offline callback when building for !SMP
      de375035
    • Linus Torvalds's avatar
      Merge branch 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · a9ce3233
      Linus Torvalds authored
      Pull licking update from Thomas Gleixner:
       "Mark the switch cases which fall through to the next case with the
        proper comment so the fallthrough compiler checks can be enabled"
      
      * 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        futex: Mark expected switch fall-throughs
      a9ce3233
    • Linus Torvalds's avatar
      Merge tag 'libnvdimm-for-4.19_dax-memory-failure' of... · 2923b27e
      Linus Torvalds authored
      Merge tag 'libnvdimm-for-4.19_dax-memory-failure' of gitolite.kernel.org:pub/scm/linux/kernel/git/nvdimm/nvdimm
      
      Pull libnvdimm memory-failure update from Dave Jiang:
       "As it stands, memory_failure() gets thoroughly confused by dev_pagemap
        backed mappings. The recovery code has specific enabling for several
        possible page states and needs new enabling to handle poison in dax
        mappings.
      
        In order to support reliable reverse mapping of user space addresses:
      
         1/ Add new locking in the memory_failure() rmap path to prevent races
            that would typically be handled by the page lock.
      
         2/ Since dev_pagemap pages are hidden from the page allocator and the
            "compound page" accounting machinery, add a mechanism to determine
            the size of the mapping that encompasses a given poisoned pfn.
      
         3/ Given pmem errors can be repaired, change the speculatively
            accessed poison protection, mce_unmap_kpfn(), to be reversible and
            otherwise allow ongoing access from the kernel.
      
        A side effect of this enabling is that MADV_HWPOISON becomes usable
        for dax mappings, however the primary motivation is to allow the
        system to survive userspace consumption of hardware-poison via dax.
        Specifically the current behavior is:
      
           mce: Uncorrected hardware memory error in user-access at af34214200
           {1}[Hardware Error]: It has been corrected by h/w and requires no further action
           mce: [Hardware Error]: Machine check events logged
           {1}[Hardware Error]: event severity: corrected
           Memory failure: 0xaf34214: reserved kernel page still referenced by 1 users
           [..]
           Memory failure: 0xaf34214: recovery action for reserved kernel page: Failed
           mce: Memory error not recovered
           <reboot>
      
        ...and with these changes:
      
           Injecting memory failure for pfn 0x20cb00 at process virtual address 0x7f763dd00000
           Memory failure: 0x20cb00: Killing dax-pmd:5421 due to hardware memory corruption
           Memory failure: 0x20cb00: recovery action for dax page: Recovered
      
        Given all the cross dependencies I propose taking this through
        nvdimm.git with acks from Naoya, x86/core, x86/RAS, and of course dax
        folks"
      
      * tag 'libnvdimm-for-4.19_dax-memory-failure' of gitolite.kernel.org:pub/scm/linux/kernel/git/nvdimm/nvdimm:
        libnvdimm, pmem: Restore page attributes when clearing errors
        x86/memory_failure: Introduce {set, clear}_mce_nospec()
        x86/mm/pat: Prepare {reserve, free}_memtype() for "decoy" addresses
        mm, memory_failure: Teach memory_failure() about dev_pagemap pages
        filesystem-dax: Introduce dax_lock_mapping_entry()
        mm, memory_failure: Collect mapping size in collect_procs()
        mm, madvise_inject_error: Let memory_failure() optionally take a page reference
        mm, dev_pagemap: Do not clear ->mapping on final put
        mm, madvise_inject_error: Disable MADV_SOFT_OFFLINE for ZONE_DEVICE pages
        filesystem-dax: Set page->index
        device-dax: Set page->index
        device-dax: Enable page_mapping()
        device-dax: Convert to vmf_insert_mixed and vm_fault_t
      2923b27e
    • Linus Torvalds's avatar
      Merge tag 'libnvdimm-for-4.19_misc' of gitolite.kernel.org:pub/scm/linux/kernel/git/nvdimm/nvdimm · 828bf6e9
      Linus Torvalds authored
      Pull libnvdimm updates from Dave Jiang:
       "Collection of misc libnvdimm patches for 4.19 submission:
      
         - Adding support to read locked nvdimm capacity.
      
         - Change test code to make DSM failure code injection an override.
      
         - Add support for calculate maximum contiguous area for namespace.
      
         - Add support for queueing a short ARS when there is on going ARS for
           nvdimm.
      
         - Allow NULL to be passed in to ->direct_access() for kaddr and pfn
           params.
      
         - Improve smart injection support for nvdimm emulation testing.
      
         - Fix test code that supports for emulating controller temperature.
      
         - Fix hang on error before devm_memremap_pages()
      
         - Fix a bug that causes user memory corruption when data returned to
           user for ars_status.
      
         - Maintainer updates for Ross Zwisler emails and adding Jan Kara to
           fsdax"
      
      * tag 'libnvdimm-for-4.19_misc' of gitolite.kernel.org:pub/scm/linux/kernel/git/nvdimm/nvdimm:
        libnvdimm: fix ars_status output length calculation
        device-dax: avoid hang on error before devm_memremap_pages()
        tools/testing/nvdimm: improve emulation of smart injection
        filesystem-dax: Do not request kaddr and pfn when not required
        md/dm-writecache: Don't request pointer dummy_addr when not required
        dax/super: Do not request a pointer kaddr when not required
        tools/testing/nvdimm: kaddr and pfn can be NULL to ->direct_access()
        s390, dcssblk: kaddr and pfn can be NULL to ->direct_access()
        libnvdimm, pmem: kaddr and pfn can be NULL to ->direct_access()
        acpi/nfit: queue issuing of ars when an uc error notification comes in
        libnvdimm: Export max available extent
        libnvdimm: Use max contiguous area for namespace size
        MAINTAINERS: Add Jan Kara for filesystem DAX
        MAINTAINERS: update Ross Zwisler's email address
        tools/testing/nvdimm: Fix support for emulating controller temperature
        tools/testing/nvdimm: Make DSM failure code injection an override
        acpi, nfit: Prefer _DSM over _LSR for namespace label reads
        libnvdimm: Introduce locked DIMM capacity support
      828bf6e9
  7. 25 Aug, 2018 1 commit
    • Linus Torvalds's avatar
      Merge tag 'armsoc-late' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc · b3262720
      Linus Torvalds authored
      Pull ARM SoC late updates from Olof Johansson:
       "A couple of late-merged changes that would be useful to get in this
        merge window:
      
         - Driver support for reset of audio complex on Meson platforms. The
           audio driver went in this merge window, and these changes have been
           in -next for a while (just not in our tree).
      
         - Power management fixes for IOMMU on Rockchip platforms, getting
           closer to kexec working on them, including Chromebooks.
      
         - Another pass updating "arm,psci" -> "psci" for some properties that
           have snuck in since last time it was done"
      
      * tag 'armsoc-late' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
        iommu/rockchip: Move irq request past pm_runtime_enable
        iommu/rockchip: Handle errors returned from PM framework
        arm64: rockchip: Force CONFIG_PM on Rockchip systems
        ARM: rockchip: Force CONFIG_PM on Rockchip systems
        arm64: dts: Fix various entry-method properties to reflect documentation
        reset: imx7: Fix always writing bits as 0
        reset: meson: add meson audio arb driver
        reset: meson: add dt-bindings for meson-axg audio arb
      b3262720